Wednesday, May 19, 2010

Remote Phone Wiping Thwarts Secret Service

Smartphones that offer the ability to "remote wipe" are great for when your device goes missing and you want to delete your data so that someone else can't look at it, but not so great for the United States Secret Service (USSS).

The ability to "remote wipe" some smartphones such as BlackBerry and iPhone was causing havoc for law enforcement agencies, according to USSS special agent Andy Kearns, speaking yesterday on mobile phone forensics at the AusCERT 2010 security conference.

The problem is that accomplices can remotely wipe the phones if the agencies don't remember to remove the battery or turn off smartphones before sending them off to the forensics laboratory, he said.

"So if you've got a suspect and you take the cell phone away from him, and he's got somebody on the outside that can help get on the [remote wipe] website to get his phone wiped, all your evidence is gone before you get a chance to examine," he said.

Kearns said he'd never personally faced the situation, but he knew other examiners who had.

"Sometimes you'll get a cellphone that comes in that is wiped, [but] it's not all that common," he said. Agents were trained to incapacitate devices, but Kearns cautioned that not all enforcement agencies had the same knowledge.

"Hopefully our officers are putting the cell phones in a Faraday bag that is shielded, pulling the battery [out] and turning them off [before] getting them into the shielded laboratory."